cleantalk
Vulnerabilities and Security Researches

Webcake – Landing Page Builder, CVE-2025-12165

CVE, Research URL

CVE-2025-12165

Home page URL

Security reports for Webcake – Landing Page Builder

Application

Webcake – Landing Page Builder

Published on
Dec 05, 2025
Research Description
The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings.
Affected versions
max 1.1.
Status
vulnerable
Previous vulnerability researches
Arrow Maps – Custom Maps for WordPress (CVE-2025-28858) , Mar 28, 2025
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025